Topic 1 : Pool A
Which of the following is MOST helpful to ensure effective security controls for a cloud service provider?
A. A control self-assessment
B. A third-party security assessment report
C. Internal audit reports from the vendor
D. Service level agreement monitoring
A third-party security assessment report
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
A. resources to monitor backups
B. recovery requests
C. restoration monitoring reports.
D. recurring restore failures.
recurring restore failures.
A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?
A. Implement a tool to create and distribute violation reports
B. Raise awareness of encryption requirements for sensitive data.
C. Block unencrypted outgoing emails which contain sensitive data.
D. Implement a progressive disciplinary process for email violations
Block unencrypted outgoing emails which contain sensitive data.
The risk associated with an asset before controls are applied can be expressed as:
A. a function of the likelihood and impact
B. the magnitude of an impact
C. a function of the cost and effectiveness of control.
D. the likelihood of a given threat
a function of the cost and effectiveness of control.
The PRIMARY objective for selecting risk response options is to:
A. reduce risk to an acceptable level.
B. identify compensating controls.
C. minimize residual risk.
D. reduce risk factors.
reduce risk to an acceptable level.